ira/wip.git
14 years agos3-dcerpc: no point for printing NDR twice for internal pipes in log level 10.
Günther Deschner [Fri, 1 Oct 2010 17:48:11 +0000 (19:48 +0200)]
s3-dcerpc: no point for printing NDR twice for internal pipes in log level 10.

Guenther

14 years agosamba: share readline wrappers among all buildsystems.
Günther Deschner [Fri, 1 Oct 2010 08:34:14 +0000 (10:34 +0200)]
samba: share readline wrappers among all buildsystems.

Guenther

14 years agos3-readline: move cmd_history to smbclient, the only user.
Günther Deschner [Fri, 1 Oct 2010 08:33:32 +0000 (10:33 +0200)]
s3-readline: move cmd_history to smbclient, the only user.

Guenther

14 years agosamba: share select wrappers.
Günther Deschner [Fri, 1 Oct 2010 08:08:15 +0000 (10:08 +0200)]
samba: share select wrappers.

Guenther

14 years agos4-auth: fixed a vagrind error when creating keytabs
Andrew Tridgell [Fri, 1 Oct 2010 20:07:42 +0000 (13:07 -0700)]
s4-auth: fixed a vagrind error when creating keytabs

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

14 years agoautobuild: revert a bit more of the subunit changes
Andrew Tridgell [Fri, 1 Oct 2010 20:07:04 +0000 (13:07 -0700)]
autobuild: revert a bit more of the subunit changes

still not quite right - we can enable this again once its fully tested

14 years agoautobuild: disable the subuit changes for now - they break error checking
Andrew Tridgell [Fri, 1 Oct 2010 18:31:28 +0000 (11:31 -0700)]
autobuild: disable the subuit changes for now - they break error checking

14 years agoautobuild: fixed the tuples in the retry_task
Andrew Tridgell [Fri, 1 Oct 2010 18:17:04 +0000 (11:17 -0700)]
autobuild: fixed the tuples in the retry_task

Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Oct  1 18:22:22 UTC 2010 on sn-devel-104

14 years agoautobuild: cwd is needed on all command types
Andrew Tridgell [Fri, 1 Oct 2010 18:12:24 +0000 (11:12 -0700)]
autobuild: cwd is needed on all command types

14 years agos4-rpmd: fixed a use after realloc bug
Andrew Tridgell [Fri, 1 Oct 2010 17:26:49 +0000 (10:26 -0700)]
s4-rpmd: fixed a use after realloc bug

we could use old_el after the base message had been re allocated, due
to adding timestamps. We need to re-find the element before using it

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

14 years agos4-dsdb: fail the transaction instead of asserting on error
Andrew Tridgell [Fri, 1 Oct 2010 17:24:46 +0000 (10:24 -0700)]
s4-dsdb: fail the transaction instead of asserting on error

It is more useful to fail the transaction and give the user an error
message than to assert when we have an error in the repl_meta_data
module

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

14 years agoautobuild: Avoid unnecessary chdir() calls.
Jelmer Vernooij [Fri, 1 Oct 2010 15:45:47 +0000 (17:45 +0200)]
autobuild: Avoid unnecessary chdir() calls.

14 years agoautobuild: Output test results in subunit.
Jelmer Vernooij [Fri, 1 Oct 2010 12:25:55 +0000 (14:25 +0200)]
autobuild: Output test results in subunit.

14 years agos3-selftest: fix prefix in subunit output.
Jelmer Vernooij [Fri, 1 Oct 2010 11:39:28 +0000 (13:39 +0200)]
s3-selftest: fix prefix in subunit output.

14 years agos3: Add subunit-test target.
Jelmer Vernooij [Fri, 1 Oct 2010 11:30:01 +0000 (13:30 +0200)]
s3: Add subunit-test target.

14 years agos3-configure: Require at least version 1.2.6 of external TDB, which has
Jelmer Vernooij [Fri, 1 Oct 2010 11:17:58 +0000 (13:17 +0200)]
s3-configure: Require at least version 1.2.6 of external TDB, which has
TDB_INCOMPATIBLE_HASH.

14 years agos4: Add 'subunit-test' make target.
Jelmer Vernooij [Fri, 1 Oct 2010 10:59:40 +0000 (12:59 +0200)]
s4: Add 'subunit-test' make target.

14 years agoautobuild: Provide more information about build sequence, stage name and output mime...
Jelmer Vernooij [Fri, 1 Oct 2010 10:19:56 +0000 (12:19 +0200)]
autobuild: Provide more information about build sequence, stage name and output mime type (all plain text for now).

14 years agoautobuild: Add --always-email option.
Jelmer Vernooij [Fri, 1 Oct 2010 09:28:48 +0000 (11:28 +0200)]
autobuild: Add --always-email option.

14 years agoautobuild-remote: Support autobuild.py rather than land.py.
Jelmer Vernooij [Fri, 1 Oct 2010 02:42:59 +0000 (04:42 +0200)]
autobuild-remote: Support autobuild.py rather than land.py.

Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Fri Oct  1 09:46:37 UTC 2010 on sn-devel-104

14 years agoRemove land.py - it's been obsoleted by autobuild.py.
Jelmer Vernooij [Fri, 1 Oct 2010 02:11:21 +0000 (04:11 +0200)]
Remove land.py - it's been obsoleted by autobuild.py.

14 years agoautobuild: Add --daemon option.
Jelmer Vernooij [Fri, 1 Oct 2010 00:53:38 +0000 (02:53 +0200)]
autobuild: Add --daemon option.

14 years agoautobuild: Remove autogen step for projects that have checked in configure.
Jelmer Vernooij [Wed, 29 Sep 2010 00:52:36 +0000 (00:52 +0000)]
autobuild: Remove autogen step for projects that have checked in configure.

14 years agoautobuild: Simplify find_git_root.
Jelmer Vernooij [Wed, 29 Sep 2010 00:38:18 +0000 (02:38 +0200)]
autobuild: Simplify find_git_root.

14 years agopidl: Fix handling of typedefs of typedefs.
Jelmer Vernooij [Wed, 29 Sep 2010 00:29:02 +0000 (02:29 +0200)]
pidl: Fix handling of typedefs of typedefs.

14 years agos3-spoolss: fix do_drv_upgrade_printer() which must have been broken since the
Günther Deschner [Fri, 1 Oct 2010 04:42:58 +0000 (06:42 +0200)]
s3-spoolss: fix do_drv_upgrade_printer() which must have been broken since the
days we moved away from fstrings.

Guenther

14 years agos3-net: better handle obscure 0x80070002 error reply when trying to update an
Günther Deschner [Fri, 1 Oct 2010 04:08:47 +0000 (06:08 +0200)]
s3-net: better handle obscure 0x80070002 error reply when trying to update an
not yet published printer.

Guenther

14 years agos3-net: make sure we dont crash when publishing a single printer.
Günther Deschner [Fri, 1 Oct 2010 04:08:12 +0000 (06:08 +0200)]
s3-net: make sure we dont crash when publishing a single printer.

Guenther

14 years agos3-spoolss: make sure we dont crash on NULL setprinter level2 elements as seen from...
Günther Deschner [Fri, 1 Oct 2010 04:07:25 +0000 (06:07 +0200)]
s3-spoolss: make sure we dont crash on NULL setprinter level2 elements as seen from win7.

Guenther

14 years agos3-spoolss: dont overwrite location change notify.
Günther Deschner [Fri, 1 Oct 2010 04:05:38 +0000 (06:05 +0200)]
s3-spoolss: dont overwrite location change notify.

Guenther

14 years agos3-selftest: added samba3.posix_s3.rpc.spoolss.printer to knownfail
Andrew Tridgell [Fri, 1 Oct 2010 03:56:20 +0000 (20:56 -0700)]
s3-selftest: added samba3.posix_s3.rpc.spoolss.printer to knownfail

this fails intermittently on sn-devel. Guenther suggested adding it to
knownfail

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Fri Oct  1 04:37:36 UTC 2010 on sn-devel-104

14 years agoheimdal: added verbose logging of hemimdal crypto errors
Andrew Bartlett [Fri, 1 Oct 2010 03:13:34 +0000 (20:13 -0700)]
heimdal: added verbose logging of hemimdal crypto errors

14 years agoautobuild: fixed the --tail option for new log locations
Andrew Tridgell [Fri, 1 Oct 2010 02:41:50 +0000 (19:41 -0700)]
autobuild: fixed the --tail option for new log locations

14 years agos4-rodc: don't set SPECIAL_SECRET_PROCESSING on EXOP_REPL_SECRET
Andrew Tridgell [Thu, 30 Sep 2010 22:24:58 +0000 (15:24 -0700)]
s4-rodc: don't set SPECIAL_SECRET_PROCESSING on EXOP_REPL_SECRET

otherwise we don't get the secrets!

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

14 years agos4-spn: don't try and send an empty SPN list
Andrew Tridgell [Thu, 30 Sep 2010 22:02:50 +0000 (15:02 -0700)]
s4-spn: don't try and send an empty SPN list

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

14 years agoselftest: Let selftest provide the tempdir, rather than creating it as sideeffect...
Jelmer Vernooij [Fri, 1 Oct 2010 01:31:06 +0000 (01:31 +0000)]
selftest: Let selftest provide the tempdir, rather than creating it as sideeffect of tests.py.

14 years agoselftest: fixed a selftest error on sn
Andrew Tridgell [Fri, 1 Oct 2010 00:24:50 +0000 (17:24 -0700)]
selftest: fixed a selftest error on sn

Pair-Programmed-With: Jelmer Vernooij <jelmer@samba.org>

14 years agodelete_object: Remove unnecessary pass calls.
Jelmer Vernooij [Thu, 30 Sep 2010 23:41:58 +0000 (01:41 +0200)]
delete_object: Remove unnecessary pass calls.

14 years agos4-selftest: Remove unnecessary PYTHONPATH overrides.
Jelmer Vernooij [Thu, 30 Sep 2010 23:05:12 +0000 (01:05 +0200)]
s4-selftest: Remove unnecessary PYTHONPATH overrides.

14 years agos4-selftest: Normalize paths.
Jelmer Vernooij [Thu, 30 Sep 2010 16:29:58 +0000 (18:29 +0200)]
s4-selftest: Normalize paths.

14 years agos4-selftest: Finish conversion of selftest.sh to Python.
Jelmer Vernooij [Thu, 30 Sep 2010 16:23:20 +0000 (18:23 +0200)]
s4-selftest: Finish conversion of selftest.sh to Python.

14 years agos4-selftest: Convert tests.sh to Python.
Jelmer Vernooij [Thu, 30 Sep 2010 12:55:04 +0000 (14:55 +0200)]
s4-selftest: Convert tests.sh to Python.

14 years agoautobuild: push of ref/notes/commits isn't allowed in master
Andrew Tridgell [Thu, 30 Sep 2010 21:42:02 +0000 (14:42 -0700)]
autobuild: push of ref/notes/commits isn't allowed in master

metze may enable this later

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Sep 30 22:25:02 UTC 2010 on sn-devel-104

14 years agos4-provision: wipe the old keytabs when provisioning
Andrew Tridgell [Thu, 30 Sep 2010 19:45:00 +0000 (12:45 -0700)]
s4-provision: wipe the old keytabs when provisioning

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

14 years agos4-rodc: fixed the keyVersionNumber on the RODC account in secrets.keytab
Andrew Tridgell [Thu, 30 Sep 2010 19:44:39 +0000 (12:44 -0700)]
s4-rodc: fixed the keyVersionNumber on the RODC account in secrets.keytab

we need to fetch the msDS-keyVersionNumber from the writeable DC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

14 years agos4-drs: put the GCSPN flag into the repsTo if requested
Andrew Tridgell [Thu, 30 Sep 2010 19:43:45 +0000 (12:43 -0700)]
s4-drs: put the GCSPN flag into the repsTo if requested

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

14 years agos4-libnet: wipe the old keytab when exporting
Andrew Tridgell [Thu, 30 Sep 2010 19:43:14 +0000 (12:43 -0700)]
s4-libnet: wipe the old keytab when exporting

this prevents confusion with old keytab entries

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

14 years agos4-dsdb: silence the domainFunctionality not setup warning
Andrew Tridgell [Thu, 30 Sep 2010 19:42:35 +0000 (12:42 -0700)]
s4-dsdb: silence the domainFunctionality not setup warning

14 years agoautobuild: added much better email reporting
Andrew Tridgell [Thu, 30 Sep 2010 17:41:36 +0000 (10:41 -0700)]
autobuild: added much better email reporting

logs are now accessible via http://git.samba.org

14 years agoautobuild: fixed exit status
Andrew Tridgell [Thu, 30 Sep 2010 16:37:42 +0000 (09:37 -0700)]
autobuild: fixed exit status

this should fix the case where we don't send logs on failure

14 years agos4-drs: added support for level 10 of getncchanges
Andrew Tridgell [Thu, 30 Sep 2010 06:30:18 +0000 (23:30 -0700)]
s4-drs: added support for level 10 of getncchanges

added a simple mapping from req8

14 years agoLDAPCmp feature to compare nTSecurityDescriptors
Zahari Zahariev [Thu, 30 Sep 2010 01:13:02 +0000 (04:13 +0300)]
LDAPCmp feature to compare nTSecurityDescriptors

New feature that enables LDAPCmp users to find unmatched or
missing ACEs in objects for the three naming contexts between
DCs in one domain (default) or different domains. Comparing
security descriptors is not the default action but attribute
compatison. So to activate the new mode there is --sd switch.
However there are two view modes to the new --sd action which
are 'section' (default) or 'collision'. In 'section' mode you
can only find differences connected to missing or value
unmatched ACEs but not disorder unmatch if ACE values and count
are the same. All of the mentioned differences plus disorder
ACE unmatch you can observe under 'collision' view however
it is more verbose.

Signed-off-by: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>
14 years agos3: Add "smbcontrol winbindd ip-dropped <local-ip>"
Volker Lendecke [Wed, 29 Sep 2010 10:17:05 +0000 (12:17 +0200)]
s3: Add "smbcontrol winbindd ip-dropped <local-ip>"

This is supposed to improve the winbind reconnect time after an ip address
has been moved away from a box. Any kind of HA scenario will benefit from
this, because winbindd does not have to wait for the TCP timeout to kick in
when a local IP address has been dropped and DC replies are not received
anymore.

14 years agos3: Re-introduce a procid_self()
Volker Lendecke [Thu, 30 Sep 2010 14:27:42 +0000 (16:27 +0200)]
s3: Re-introduce a procid_self()

Giving the parent pid to reinit_after_fork is not a good idea....
None of the other callers do this, checked it.

14 years agos3: Fix a typo in dump-domain-list smbcontrol usage msg
Volker Lendecke [Thu, 30 Sep 2010 13:17:09 +0000 (15:17 +0200)]
s3: Fix a typo in dump-domain-list smbcontrol usage msg

14 years agos4-selftest: Add some more comments to skip file.
Jelmer Vernooij [Thu, 30 Sep 2010 08:31:38 +0000 (10:31 +0200)]
s4-selftest: Add some more comments to skip file.

14 years agoselftest: Eliminate some unnecessary spaces.
Jelmer Vernooij [Thu, 30 Sep 2010 08:31:29 +0000 (10:31 +0200)]
selftest: Eliminate some unnecessary spaces.

14 years agoselftest: Avoid accessing deprecated BaseException.message.
Jelmer Vernooij [Thu, 30 Sep 2010 08:31:03 +0000 (10:31 +0200)]
selftest: Avoid accessing deprecated BaseException.message.

Thanks to Andreas for pointing this out.

14 years agosubunit: Import new upstream snapshot (adds subunit_progress())
Jelmer Vernooij [Thu, 30 Sep 2010 07:29:42 +0000 (09:29 +0200)]
subunit: Import new upstream snapshot (adds subunit_progress())

14 years agotesttools: Import new upstream snapshot.
Jelmer Vernooij [Thu, 30 Sep 2010 07:18:01 +0000 (09:18 +0200)]
testtools: Import new upstream snapshot.

14 years agos4-drepl: don't call UpdateRefs on a RODC
Andrew Tridgell [Thu, 30 Sep 2010 05:08:48 +0000 (22:08 -0700)]
s4-drepl: don't call UpdateRefs on a RODC

we use the ADD_REF bit in getncchanges instead

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>

14 years agos4-drepl: fixed the checking of replica_flags in the drepl server
Andrew Tridgell [Thu, 30 Sep 2010 05:04:21 +0000 (22:04 -0700)]
s4-drepl: fixed the checking of replica_flags in the drepl server

we were incorrectly avoiding a getncchanges when WRIT_REP was not set

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>

14 years agos4-kcc: fixed the replica_flags in repsFrom in the kcc
Andrew Tridgell [Thu, 30 Sep 2010 05:03:35 +0000 (22:03 -0700)]
s4-kcc: fixed the replica_flags in repsFrom in the kcc

if our calculated replica_flags doesn't match the ones in our repsFrom
then update it

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>

14 years agoidl-drsuapi: fixed another replica_flags that should use the bitmap
Andrew Tridgell [Thu, 30 Sep 2010 05:02:54 +0000 (22:02 -0700)]
idl-drsuapi: fixed another replica_flags that should use the bitmap

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>

14 years agos4-dns: send A record updates via TKEY
Andrew Tridgell [Thu, 30 Sep 2010 00:33:49 +0000 (17:33 -0700)]
s4-dns: send A record updates via TKEY

14 years agos3-spoolss: make sure to exit early and with the appropriate error code in
Günther Deschner [Thu, 30 Sep 2010 00:28:41 +0000 (02:28 +0200)]
s3-spoolss: make sure to exit early and with the appropriate error code in
_spoolss_GetPrinterDriver2.

Guenther

14 years agospoolss: use the correct flags for spoolss_PrinterInfo1 struct.
Günther Deschner [Thu, 30 Sep 2010 00:05:36 +0000 (02:05 +0200)]
spoolss: use the correct flags for spoolss_PrinterInfo1 struct.

Guenther

14 years agos3-spoolss: Fix servername/printername handling which turns out to be very important...
Günther Deschner [Wed, 29 Sep 2010 02:51:56 +0000 (04:51 +0200)]
s3-spoolss: Fix servername/printername handling which turns out to be very important to get right.

Guenther

14 years agos4-smbtorture: add new EnumPrinters test to test printername/servername
Günther Deschner [Wed, 29 Sep 2010 02:49:57 +0000 (04:49 +0200)]
s4-smbtorture: add new EnumPrinters test to test printername/servername
behaviour in EnumPrinter and GetPrinter calls.

Guenther

14 years agos4-samldb: also set a password on the krbtgt_NNNN account
Andrew Tridgell [Wed, 29 Sep 2010 23:35:52 +0000 (16:35 -0700)]
s4-samldb: also set a password on the krbtgt_NNNN account

when we setup the krbtgt_NNNN account using the DCPROMO_OID control,
we also need to set an initial password for this account

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

14 years agos4-devel: added new options to getncchanges script
Andrew Tridgell [Wed, 29 Sep 2010 22:50:04 +0000 (15:50 -0700)]
s4-devel: added new options to getncchanges script

added --pas, --dest-dsa and --replica-flags options

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>

14 years agos4-drs: implement PAS checks and access checks for getncchanges
Andrew Tridgell [Wed, 29 Sep 2010 22:49:15 +0000 (15:49 -0700)]
s4-drs: implement PAS checks and access checks for getncchanges

This implements partial attribute set checking on getncchanges. If the
client sends a partial_attribute_set then we only return the specified
attributes.

This also implements access checking on the NC root for the access
right GUIDs for requests with and without reveal secrets

Pair-Programmed-With: Anatoliy Atanasov <anatoliy.atanasov@postpath.com>

14 years agos4-drs: added drs_security_access_check_nc_root()
Andrew Tridgell [Wed, 29 Sep 2010 22:46:23 +0000 (15:46 -0700)]
s4-drs: added drs_security_access_check_nc_root()

this checks securiity on the NC root of the specified naming context

14 years agoutil: added BINARY_ARRAY_SEARCH_V()
Andrew Tridgell [Wed, 29 Sep 2010 22:45:27 +0000 (15:45 -0700)]
util: added BINARY_ARRAY_SEARCH_V()

this is used to search an array of values

14 years agos4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs in the PAC
Andrew Tridgell [Wed, 29 Sep 2010 06:19:26 +0000 (23:19 -0700)]
s4-sam: added DOMAIN_RID_ENTERPRISE_READONLY_DCS for RODCs in the PAC

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

14 years agolibds: added more UF_ -> ACB_ flags mappings
Andrew Tridgell [Wed, 29 Sep 2010 06:18:47 +0000 (23:18 -0700)]
libds: added more UF_ -> ACB_ flags mappings

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

14 years agomidltests: add midltests-pipe-sync-ndr32-downgrade-02.idl
Stefan Metzmacher [Wed, 29 Sep 2010 08:47:34 +0000 (10:47 +0200)]
midltests: add midltests-pipe-sync-ndr32-downgrade-02.idl

metze

14 years agomidltests: support for fragmented RPC traffic
Stefan Metzmacher [Wed, 29 Sep 2010 07:37:05 +0000 (09:37 +0200)]
midltests: support for fragmented RPC traffic

metze

14 years agomidltests: print out the alloc_hint for requests and responses
Stefan Metzmacher [Wed, 29 Sep 2010 07:06:58 +0000 (09:06 +0200)]
midltests: print out the alloc_hint for requests and responses

metze

14 years agomidltests: improve NDR64 downgrade
Stefan Metzmacher [Wed, 29 Sep 2010 04:03:08 +0000 (06:03 +0200)]
midltests: improve NDR64 downgrade

metze

14 years agomidltests: revert to a simple default midltests.idl
Stefan Metzmacher [Wed, 29 Sep 2010 08:28:29 +0000 (10:28 +0200)]
midltests: revert to a simple default midltests.idl

metze

14 years agos3-waf: add basic make test infrastructure, not able to test yet.
Günther Deschner [Wed, 29 Sep 2010 06:54:00 +0000 (08:54 +0200)]
s3-waf: add basic make test infrastructure, not able to test yet.

Guenther

14 years agos3-waf: clean up socket-wrapper and nss-wrapper a little.
Günther Deschner [Wed, 29 Sep 2010 06:49:39 +0000 (08:49 +0200)]
s3-waf: clean up socket-wrapper and nss-wrapper a little.

Guenther

14 years agos3-waf: add vlp binary.
Günther Deschner [Wed, 29 Sep 2010 06:48:49 +0000 (08:48 +0200)]
s3-waf: add vlp binary.

Guenther

14 years agos4-spnupdate: when we are a RODC we need to use the WriteSPN DRS call
Andrew Tridgell [Wed, 29 Sep 2010 03:47:03 +0000 (20:47 -0700)]
s4-spnupdate: when we are a RODC we need to use the WriteSPN DRS call

we can't do SPN updates via sam writes and replication, as the sam is
read-only

14 years agos4-drsutils: expose DsBind() call in drs_utils.py
Andrew Tridgell [Wed, 29 Sep 2010 03:46:15 +0000 (20:46 -0700)]
s4-drsutils: expose DsBind() call in drs_utils.py

this will be used by samba_spnupdate

14 years agos4-kerberos: use TZ=GMT when we are invoking krb5 code in helpers
Andrew Tridgell [Wed, 29 Sep 2010 03:43:58 +0000 (20:43 -0700)]
s4-kerberos: use TZ=GMT when we are invoking krb5 code in helpers

Our helper scripts can fail on Fedora with the PDT timezone (Western
USA). This is the same issue we found with Heimdal earlier today, the
24 second difference between GMT and UTC, but this time in MIT
Kerberos as linked into bind9.

By forcing TZ=GMT in these scripts we avoid the problem

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

14 years agos4-rodc: RODC should not accept requests for role transfer
Nadezhda Ivanova [Wed, 29 Sep 2010 02:35:56 +0000 (19:35 -0700)]
s4-rodc: RODC should not accept requests for role transfer

A RODC cannot assume a role, and unwillingToPerform must be
returned if such request is sent via LDAP

14 years agos4-provision: simplify our generated krb5.conf
Andrew Tridgell [Wed, 29 Sep 2010 02:11:34 +0000 (19:11 -0700)]
s4-provision: simplify our generated krb5.conf

we don't want to force the KDC to be ourselves, we should
be using DNS to find a live KDC. Also remove some other options and
allow the krb5 lib to use defaults.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

14 years agos4-kdc: RODC DCs should be able to produce forwardable tickets
Andrew Tridgell [Wed, 29 Sep 2010 02:10:27 +0000 (19:10 -0700)]
s4-kdc: RODC DCs should be able to produce forwardable tickets

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

14 years agoheimdal: fixed timegm UTC/GMT bug
Andrew Tridgell [Wed, 29 Sep 2010 02:09:58 +0000 (19:09 -0700)]
heimdal: fixed timegm UTC/GMT bug

This was a wonderful bug!

On some Fedora systems, but not on Ubuntu, there is a difference
between UTC and GMT. Heimdal replaced timegm() with _der_timegm()
which did not account for that difference (which is 24 seconds at the
moment). This led to a mutual authentication failure.

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

14 years agos4-sam: fixed termination of krbtgt_attrs (comma and NULL)
Andrew Tridgell [Wed, 29 Sep 2010 02:07:43 +0000 (19:07 -0700)]
s4-sam: fixed termination of krbtgt_attrs (comma and NULL)

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

14 years agoldb-dn: don't crash on NULL in ldb_binary_encode_string()
Andrew Tridgell [Wed, 29 Sep 2010 01:01:21 +0000 (18:01 -0700)]
ldb-dn: don't crash on NULL in ldb_binary_encode_string()

Thanks to Nadya for finding this one!

14 years agos4-kdc Ensure that an RODC may act as a server (needed to fill
Andrew Bartlett [Tue, 28 Sep 2010 23:06:39 +0000 (09:06 +1000)]
s4-kdc Ensure that an RODC may act as a server (needed to fill
the krbtgt role).

Andrew Bartlett

14 years agoheimdal Use a seperate krb5_auth_context for the delegated credentials
Andrew Bartlett [Tue, 28 Sep 2010 20:44:33 +0000 (06:44 +1000)]
heimdal Use a seperate krb5_auth_context for the delegated credentials

If we re-use this context, we overwrite the timestamp while talking
to the KDC and fail the mutual authentiation with the target server.

Andrew Bartlett

14 years agomidltests/todo: add some random idl files I had tested month ago
Stefan Metzmacher [Tue, 28 Sep 2010 07:57:22 +0000 (09:57 +0200)]
midltests/todo: add some random idl files I had tested month ago

metze

14 years agomidltests: add midltests-pipe-sync-ndr32-downgrade-01.idl example
Stefan Metzmacher [Wed, 29 Sep 2010 00:36:51 +0000 (02:36 +0200)]
midltests: add midltests-pipe-sync-ndr32-downgrade-01.idl example

metze

14 years agomidltests: add some usefull defines to midltests.idl
Stefan Metzmacher [Wed, 29 Sep 2010 00:50:19 +0000 (02:50 +0200)]
midltests: add some usefull defines to midltests.idl

metze

14 years agomidltests: make it possible to allow downgrades to NDR32
Stefan Metzmacher [Wed, 29 Sep 2010 00:35:54 +0000 (02:35 +0200)]
midltests: make it possible to allow downgrades to NDR32

metze

14 years agomidltests: add a midltests_tcp.exe tool
Stefan Metzmacher [Tue, 28 Sep 2010 09:04:59 +0000 (11:04 +0200)]
midltests: add a midltests_tcp.exe tool

This uses a man in the middle approach in order to dump the
request and response pdus.

It also tests NDR32 and NDR64.

metze